Editing GPG Guide
From Bibliotheca Anonoma
Latest revision | Your text | ||
Line 2: | Line 2: | ||
WIP (Ctrl-S's job) | WIP (Ctrl-S's job) | ||
Guide for securely creating a PGP keyset. | Guide for securely creating a PGP keyset. | ||
Line 7: | Line 8: | ||
Some smartcards support longer keys. | Some smartcards support longer keys. | ||
This guide will use 2048 bit RSA keys for as much security as is currently practical. | This guide will use 2048 bit RSA keys for as much security as is currently practical. | ||
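Review bot: "for as much security as is currently practical" in the sentence about 2048 bit RSA keys is vague, especially since the line just before it says some smartcards support longer keys; state the actual constraint instead, e.g. that 2048 bits is chosen for compatibility with the smartcards this guide targets, so a reader whose card supports longer keys knows the choice is about card support rather than an upper bound on what is secure.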
Line 88: | Line 90: | ||
# Let machine boot into persistant liveusb | # Let machine boot into persistant liveusb | ||
# Ubuntu desktop environment should be displayed on your computer. | # Ubuntu desktop environment should be displayed on your computer. | ||
=== Update liveUSB software === | === Update liveUSB software === | ||
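Review bot: "persistant" in `# Let machine boot into persistant liveusb` is a typo for "persistent". Worth fixing here in particular because whether the live USB has a persistence partition matters for the "Erase keys from liveusb" step later in the guide.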
Line 145: | Line 148: | ||
gpg/card> | gpg/card> | ||
</syntaxhighlight> | </syntaxhighlight> | ||
== Remove machine from network == | == Remove machine from network == | ||
Line 154: | Line 158: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
* You should fail to connect. | * You should fail to connect. | ||
== Generate keys == | == Generate keys == | ||
* !!! BE OFFLINE !!! | * !!! BE OFFLINE !!! | ||
=== GPG Secret keys === | === GPG Secret keys === | ||
* Create master as demonstrated in the following example: | * Create master as demonstrated in the following example: | ||
Line 474: | Line 483: | ||
$ ## Finished creating the subkeys. | $ ## Finished creating the subkeys. | ||
</syntaxhighlight> | </syntaxhighlight> | ||
=== Store keys to backup drives === | === Store keys to backup drives === | ||
Line 486: | Line 497: | ||
$ cd '/medua/ubuntu/keystore01/gpg.ctrl-s.2020-02-01' | $ cd '/medua/ubuntu/keystore01/gpg.ctrl-s.2020-02-01' | ||
</syntaxhighlight> | </syntaxhighlight> | ||
* Secret keys: | * Secret keys: | ||
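Review bot: the path in `$ cd '/medua/ubuntu/keystore01/gpg.ctrl-s.2020-02-01'` looks like a typo for `/media/ubuntu/...`, which is where an Ubuntu live session mounts removable drives. As written the `cd` fails, and anything written afterwards in this "Store keys to backup drives" section would land in the current directory rather than on the backup drive.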
Line 626: | Line 638: | ||
gpg/card> quit ## Exit GPG. | gpg/card> quit ## Exit GPG. | ||
</syntaxhighlight> | </syntaxhighlight> | ||
=== Reload the secret key and subkeys from the backup file === | === Reload the secret key and subkeys from the backup file === | ||
This is required if you want to prepare more than one smartcard. | This is required if you want to prepare more than one smartcard. | ||
==== Delete GPG keystore ==== | ==== Delete GPG keystore ==== | ||
Line 639: | Line 653: | ||
$ date; rm -rf ~/.gnupg/ # Erase GPG keystore alltogether. | $ date; rm -rf ~/.gnupg/ # Erase GPG keystore alltogether. | ||
</syntaxhighlight> | </syntaxhighlight> | ||
==== Import secret key from file ==== | ==== Import secret key from file ==== | ||
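Review bot: "alltogether" in `rm -rf ~/.gnupg/ # Erase GPG keystore alltogether.` should be "altogether". It would also help to state in the section text that this deletion is only safe because the secret keys were exported to the backup drive in the previous section, so a reader who jumps straight to "Reload the secret key and subkeys from the backup file" does not run it before a backup exists.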
Line 647: | Line 662: | ||
$ date; gpg --allow-secret-key-import --import FEEDB00BCODEBEEF-20200530.subkeys.txt | $ date; gpg --allow-secret-key-import --import FEEDB00BCODEBEEF-20200530.subkeys.txt | ||
</syntaxhighlight> | </syntaxhighlight> | ||
==== Set imported secretkey to maximum trust level ==== | ==== Set imported secretkey to maximum trust level ==== | ||
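Review bot: `--allow-secret-key-import` in `gpg --allow-secret-key-import --import FEEDB00BCODEBEEF-20200530.subkeys.txt` is documented by GnuPG as an obsolete option that is not used anywhere in GnuPG 2.x; a plain `gpg --import` imports secret keys. Dropping the flag avoids implying that it is what makes the import work.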
Line 657: | Line 673: | ||
gpg>save # Save changes and exit GPG. | gpg>save # Save changes and exit GPG. | ||
</syntaxhighlight> | </syntaxhighlight> | ||
=== Move the key to smartcard === | === Move the key to smartcard === | ||
Line 692: | Line 711: | ||
gpg> y ## Confirm the trust setting. | gpg> y ## Confirm the trust setting. | ||
</syntaxhighlight> | </syntaxhighlight> | ||
== Erase keys from liveusb == | == Erase keys from liveusb == | ||
Line 699: | Line 721: | ||
$ rm -rf ~/.gnupg* | $ rm -rf ~/.gnupg* | ||
</syntaxhighlight> | </syntaxhighlight> | ||
=== Setup public key side === | === Setup public key side === | ||
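Review bot: `rm -rf ~/.gnupg*` does not remove the key material from the persistence partition of the live USB this guide boots into (see the "persistant liveusb" boot step); the deleted files remain recoverable from the flash storage until overwritten, and overwriting individual files on flash is not reliable. Either recommend wiping the whole persistence partition afterwards or do the key generation in a non-persistent session. Also, the glob `~/.gnupg*` matches anything in the home directory starting with `.gnupg`, not only the keystore; `~/.gnupg/` is the precise target.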
Line 705: | Line 729: | ||
=== Set up key on machine we want to SSH to === | === Set up key on machine we want to SSH to === | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
## TODO | |||
</syntaxhighlight> | </syntaxhighlight> | ||
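Review bot: removing the `## TODO` marker leaves an empty `<syntaxhighlight lang="bash">` block under "Set up key on machine we want to SSH to" with no indication that the section is still unfinished; keep the marker until the actual steps are written, or drop the empty block together with its heading, so readers do not assume the step needs no commands.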
Line 722: | Line 743: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
https://github.com/drduh/YubiKey-Guide#using-multiple-keys | https://github.com/drduh/YubiKey-Guide#using-multiple-keys | ||
== Sources == | == Sources == |